package com.smallA.config;

import com.smallA.constant.AccessConstant;
import com.smallA.filter.JwtVerityFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

import javax.annotation.Resource;

/**
 * @author 君未洋
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //继承了这个类之后就相当于这个类拥有所有的SpringSecurity所有的配置

    @Resource
    private RsaKeyProperties prop;

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/Test/downloadTemplate")
                .and().ignoring().antMatchers("/myTest/*");
        //这个就是配置对应路径下的资源不去拦截
    }

    /**
     * 配置SpringSecurity基本配置
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*这里就是配置基本的登录页面,角色,登录相关的提交等等等*/
        http.authorizeRequests()
                .antMatchers("/**").hasAnyRole(AccessConstant.ROLE_STUDENT_ACCESS, AccessConstant.ROLE_TEACHER_ACCESS)
                .anyRequest()
                .authenticated();
        http.addFilter(new JwtVerityFilter(super.authenticationManager(), prop))
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.csrf().disable();
    }
}
